package jadex.platform.service.security.impl;

import jadex.bridge.IComponentIdentifier;
import jadex.bridge.service.types.security.ISecurityInfo;
import jadex.commons.ByteArrayWrapper;
import jadex.commons.SUtil;
import jadex.commons.Tuple2;
import jadex.commons.collection.MultiCollection;
import jadex.commons.security.SSecurity;
import jadex.platform.service.security.SecurityAgent;
import jadex.platform.service.security.auth.AbstractAuthenticationSecret;
import jadex.platform.service.security.auth.AbstractX509PemSecret;
import jadex.platform.service.security.auth.AuthToken;
import jadex.platform.service.security.auth.Blake2bX509AuthenticationSuite;
import jadex.platform.service.security.auth.IAuthenticationSuite;
import jadex.platform.service.security.auth.X509AuthToken;
import jadex.platform.service.security.auth.X509PemStringsSecret;
import jadex.platform.service.security.handshake.BasicSecurityMessage;
import jadex.platform.service.security.handshake.InitialHandshakeFinalMessage;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Logger;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.crypto.digests.Blake2bDigest;
import org.bouncycastle.crypto.engines.ChaChaEngine;
import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
import org.bouncycastle.crypto.macs.Poly1305;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.Pack;

/* loaded from: input_file:jadex/platform/service/security/impl/AbstractChaCha20Poly1305Suite.class */
public abstract class AbstractChaCha20Poly1305Suite extends AbstractCryptoSuite {
    protected Object ephemeralkey;
    protected byte[] remotepublickey;
    protected byte[] challenge;
    protected IAuthenticationSuite authsuite;
    protected int nextstep;
    protected Map<ByteArrayWrapper, String> hashednetworknames;
    protected int[] key = new int[8];
    protected AtomicLong msgid = new AtomicLong(-9223372034707292161L);
    protected int nonceprefix;

    /* loaded from: input_file:jadex/platform/service/security/impl/AbstractChaCha20Poly1305Suite$AckExchangeMessage.class */
    protected static class AckExchangeMessage extends BasicSecurityMessage {
        protected byte[] challenge;
        protected byte[] pakeround1data;
        protected byte[] pakeround2data;

        public AckExchangeMessage() {
        }

        public AckExchangeMessage(IComponentIdentifier iComponentIdentifier, String str) {
            super(iComponentIdentifier, str);
        }

        public byte[] getChallenge() {
            return this.challenge;
        }

        public void setChallenge(byte[] bArr) {
            this.challenge = bArr;
        }

        public byte[] getPakeRound1Data() {
            return this.pakeround1data;
        }

        public void setPakeRound1Data(byte[] bArr) {
            this.pakeround1data = bArr;
        }

        public byte[] getPakeRound2Data() {
            return this.pakeround2data;
        }

        public void setPakeRound2Data(byte[] bArr) {
            this.pakeround2data = bArr;
        }
    }

    /* loaded from: input_file:jadex/platform/service/security/impl/AbstractChaCha20Poly1305Suite$KeyExchangeMessage.class */
    protected static class KeyExchangeMessage extends BasicSecurityMessage {
        protected byte[] publickey;
        protected AuthToken platformnamesig;
        protected Tuple2<AuthToken, AuthToken> platformsecretsigs;
        protected MultiCollection<ByteArrayWrapper, AuthToken> networksigs;
        protected byte[] pakeround2data;

        public KeyExchangeMessage() {
        }

        public KeyExchangeMessage(IComponentIdentifier iComponentIdentifier, String str) {
            super(iComponentIdentifier, str);
        }

        public byte[] getPakeRound2Data() {
            return this.pakeround2data;
        }

        public void setPakeRound2Data(byte[] bArr) {
            this.pakeround2data = bArr;
        }

        public byte[] getPublicKey() {
            return this.publickey;
        }

        public void setPublicKey(byte[] bArr) {
            this.publickey = bArr;
        }

        public MultiCollection<ByteArrayWrapper, AuthToken> getNetworkSigs() {
            return this.networksigs;
        }

        public void setNetworkSigs(MultiCollection<ByteArrayWrapper, AuthToken> multiCollection) {
            this.networksigs = multiCollection;
        }

        public Tuple2<AuthToken, AuthToken> getPlatformSecretSigs() {
            return this.platformsecretsigs;
        }

        public void setPlatformSecretSigs(Tuple2<AuthToken, AuthToken> tuple2) {
            this.platformsecretsigs = tuple2;
        }

        public AuthToken getPlatformNameSig() {
            return this.platformnamesig;
        }

        public void setPlatformNameSig(AuthToken authToken) {
            this.platformnamesig = authToken;
        }
    }

    /* loaded from: input_file:jadex/platform/service/security/impl/AbstractChaCha20Poly1305Suite$ReadyMessage.class */
    protected static final class ReadyMessage extends BasicSecurityMessage {
        public ReadyMessage() {
        }

        public ReadyMessage(IComponentIdentifier iComponentIdentifier, String str) {
            super(iComponentIdentifier, str);
        }
    }

    /* loaded from: input_file:jadex/platform/service/security/impl/AbstractChaCha20Poly1305Suite$StartExchangeMessage.class */
    protected static class StartExchangeMessage extends BasicSecurityMessage {
        protected byte[] challenge;
        protected byte[] pakeround1data;

        public StartExchangeMessage() {
        }

        public StartExchangeMessage(IComponentIdentifier iComponentIdentifier, String str) {
            super(iComponentIdentifier, str);
        }

        public byte[] getChallenge() {
            return this.challenge;
        }

        public void setChallenge(byte[] bArr) {
            this.challenge = bArr;
        }

        public byte[] getPakeRound1Data() {
            return this.pakeround1data;
        }

        public void setPakeRound1Data(byte[] bArr) {
            this.pakeround1data = bArr;
        }
    }

    @Override // jadex.platform.service.security.ICryptoSuite
    public byte[] encryptAndSign(byte[] bArr) {
        return chacha20Poly1305Enc(bArr, this.key, this.nonceprefix, this.msgid.getAndIncrement());
    }

    @Override // jadex.platform.service.security.ICryptoSuite
    public byte[] decryptAndAuth(byte[] bArr) {
        byte[] chacha20Poly1305Dec = chacha20Poly1305Dec(bArr, this.key, this.nonceprefix ^ (-1));
        if (chacha20Poly1305Dec != null && !isValid(Pack.littleEndianToLong(bArr, 8))) {
            chacha20Poly1305Dec = null;
        }
        return chacha20Poly1305Dec;
    }

    @Override // jadex.platform.service.security.ICryptoSuite
    public byte[] decryptAndAuthLocal(byte[] bArr) {
        return chacha20Poly1305Dec(bArr, this.key, this.nonceprefix);
    }

    @Override // jadex.platform.service.security.ICryptoSuite
    public ISecurityInfo getSecurityInfos() {
        return this.secinf;
    }

    @Override // jadex.platform.service.security.ICryptoSuite
    public boolean isExpiring() {
        return this.msgid.get() < -9223372034707292161L;
    }

    @Override // jadex.platform.service.security.ICryptoSuite
    public boolean handleHandshake(SecurityAgent securityAgent, BasicSecurityMessage basicSecurityMessage) {
        boolean z = true;
        if (this.nextstep == 0 && (basicSecurityMessage instanceof InitialHandshakeFinalMessage)) {
            this.authsuite = new Blake2bX509AuthenticationSuite();
            StartExchangeMessage startExchangeMessage = new StartExchangeMessage(securityAgent.getComponentIdentifier(), basicSecurityMessage.getConversationId());
            this.challenge = new byte[32];
            SSecurity.getSecureRandom().nextBytes(this.challenge);
            startExchangeMessage.setChallenge(this.challenge);
            startExchangeMessage.setPakeRound1Data(this.authsuite.getPakeRound1(securityAgent, basicSecurityMessage.getSender().getRoot()));
            securityAgent.sendSecurityHandshakeMessage(basicSecurityMessage.getSender(), startExchangeMessage);
            this.nextstep = 1;
        } else if (this.nextstep == -1 && (basicSecurityMessage instanceof StartExchangeMessage)) {
            StartExchangeMessage startExchangeMessage2 = (StartExchangeMessage) basicSecurityMessage;
            AckExchangeMessage ackExchangeMessage = new AckExchangeMessage(securityAgent.getComponentIdentifier(), startExchangeMessage2.getConversationId());
            this.challenge = new byte[32];
            SSecurity.getSecureRandom().nextBytes(this.challenge);
            ackExchangeMessage.setChallenge(this.challenge);
            this.challenge = new byte[32];
            Blake2bDigest blake2bDigest = new Blake2bDigest(256);
            blake2bDigest.update(startExchangeMessage2.getChallenge(), 0, startExchangeMessage2.getChallenge().length);
            blake2bDigest.update(ackExchangeMessage.getChallenge(), 0, ackExchangeMessage.getChallenge().length);
            blake2bDigest.doFinal(this.challenge, 0);
            this.authsuite = new Blake2bX509AuthenticationSuite();
            IComponentIdentifier root = startExchangeMessage2.getSender().getRoot();
            try {
                ackExchangeMessage.setPakeRound1Data(this.authsuite.getPakeRound1(securityAgent, root));
                ackExchangeMessage.setPakeRound2Data(this.authsuite.getPakeRound2(securityAgent, root, startExchangeMessage2.getPakeRound1Data()));
            } catch (Exception e) {
            }
            securityAgent.sendSecurityHandshakeMessage(basicSecurityMessage.getSender(), ackExchangeMessage);
            this.nextstep = -2;
            this.hashednetworknames = getHashedNetworkNames(securityAgent.getInternalNetworks().keySet(), this.challenge);
        } else if (this.nextstep == 1 && (basicSecurityMessage instanceof AckExchangeMessage)) {
            AckExchangeMessage ackExchangeMessage2 = (AckExchangeMessage) basicSecurityMessage;
            Blake2bDigest blake2bDigest2 = new Blake2bDigest(256);
            blake2bDigest2.update(this.challenge, 0, this.challenge.length);
            blake2bDigest2.update(ackExchangeMessage2.getChallenge(), 0, ackExchangeMessage2.getChallenge().length);
            this.challenge = new byte[32];
            blake2bDigest2.doFinal(this.challenge, 0);
            this.hashednetworknames = getHashedNetworkNames(securityAgent.getInternalNetworks().keySet(), this.challenge);
            IComponentIdentifier root2 = ackExchangeMessage2.getSender().getRoot();
            KeyExchangeMessage keyExchangeMessage = new KeyExchangeMessage(securityAgent.getComponentIdentifier(), ackExchangeMessage2.getConversationId());
            try {
                keyExchangeMessage.setPakeRound2Data(this.authsuite.getPakeRound2(securityAgent, root2, ackExchangeMessage2.getPakeRound1Data()));
                this.authsuite.finalizePake(securityAgent, root2, ackExchangeMessage2.getPakeRound2Data());
            } catch (Exception e2) {
            }
            this.ephemeralkey = createEphemeralKey();
            byte[] pubKey = getPubKey();
            keyExchangeMessage.setPublicKey(pubKey);
            if (securityAgent.getInternalUsePlatformSecret()) {
                keyExchangeMessage.setPlatformSecretSigs(getPlatformSignatures(pubKey, securityAgent, root2));
            }
            keyExchangeMessage.setNetworkSigs(getNetworkSignatures(pubKey, securityAgent.getInternalNetworks()));
            keyExchangeMessage.setPlatformNameSig(getPlatformNameSignature(pubKey, securityAgent.getInternalPlatformNameCertificate()));
            securityAgent.sendSecurityHandshakeMessage(basicSecurityMessage.getSender(), keyExchangeMessage);
            this.nextstep = 2;
        } else if (this.nextstep == -2 && (basicSecurityMessage instanceof KeyExchangeMessage)) {
            KeyExchangeMessage keyExchangeMessage2 = (KeyExchangeMessage) basicSecurityMessage;
            IComponentIdentifier root3 = keyExchangeMessage2.getSender().getRoot();
            try {
                this.authsuite.finalizePake(securityAgent, root3, keyExchangeMessage2.getPakeRound2Data());
            } catch (Exception e3) {
            }
            this.remotepublickey = keyExchangeMessage2.getPublicKey();
            String obj = keyExchangeMessage2.getSender().getRoot().toString();
            String str = null;
            if (verifyPlatformNameSignature(this.remotepublickey, keyExchangeMessage2.getPlatformNameSig(), securityAgent.getInternalNameAuthorities(), obj)) {
                str = obj;
            }
            setupSecInfos(root3, verifyNetworkSignatures(this.remotepublickey, keyExchangeMessage2.getNetworkSigs(), securityAgent.getInternalNetworks()), verifyPlatformSignatures(this.remotepublickey, keyExchangeMessage2.getPlatformSecretSigs(), securityAgent.getInternalPlatformSecret()) & securityAgent.getInternalUsePlatformSecret(), str, securityAgent);
            this.ephemeralkey = createEphemeralKey();
            byte[] pubKey2 = getPubKey();
            this.nonceprefix = Pack.littleEndianToInt(this.challenge, 0);
            KeyExchangeMessage keyExchangeMessage3 = new KeyExchangeMessage(securityAgent.getComponentIdentifier(), keyExchangeMessage2.getConversationId());
            keyExchangeMessage3.setPublicKey(pubKey2);
            if (securityAgent.getInternalUsePlatformSecret()) {
                keyExchangeMessage3.setPlatformSecretSigs(getPlatformSignatures(pubKey2, securityAgent, root3));
            }
            keyExchangeMessage3.setNetworkSigs(getNetworkSignatures(pubKey2, securityAgent.getInternalNetworks()));
            keyExchangeMessage3.setPlatformNameSig(getPlatformNameSignature(pubKey2, securityAgent.getInternalPlatformNameCertificate()));
            securityAgent.sendSecurityHandshakeMessage(basicSecurityMessage.getSender(), keyExchangeMessage3);
            this.nextstep = -3;
        } else if (this.nextstep == 2 && (basicSecurityMessage instanceof KeyExchangeMessage)) {
            KeyExchangeMessage keyExchangeMessage4 = (KeyExchangeMessage) basicSecurityMessage;
            IComponentIdentifier root4 = keyExchangeMessage4.getSender().getRoot();
            this.remotepublickey = keyExchangeMessage4.getPublicKey();
            String obj2 = keyExchangeMessage4.getSender().getRoot().toString();
            String str2 = null;
            if (verifyPlatformNameSignature(this.remotepublickey, keyExchangeMessage4.getPlatformNameSig(), securityAgent.getInternalNameAuthorities(), obj2)) {
                str2 = obj2;
            }
            setupSecInfos(root4, verifyNetworkSignatures(this.remotepublickey, keyExchangeMessage4.getNetworkSigs(), securityAgent.getInternalNetworks()), verifyPlatformSignatures(this.remotepublickey, keyExchangeMessage4.getPlatformSecretSigs(), securityAgent.getInternalPlatformSecret()) & securityAgent.getInternalUsePlatformSecret(), str2, securityAgent);
            this.nonceprefix = Pack.littleEndianToInt(this.challenge, 0);
            this.nonceprefix ^= -1;
            this.key = generateChaChaKey();
            this.ephemeralkey = null;
            this.challenge = null;
            this.hashednetworknames = null;
            this.remotepublickey = null;
            this.authsuite = null;
            securityAgent.sendSecurityHandshakeMessage(keyExchangeMessage4.getSender(), new ReadyMessage(securityAgent.getComponentIdentifier(), keyExchangeMessage4.getConversationId()));
            z = false;
            this.nextstep = Integer.MAX_VALUE;
        } else {
            if (this.nextstep != -3 || !(basicSecurityMessage instanceof ReadyMessage)) {
                throw new SecurityException("Protocol violation detected.");
            }
            this.key = generateChaChaKey();
            this.ephemeralkey = null;
            this.remotepublickey = null;
            this.challenge = null;
            this.hashednetworknames = null;
            this.authsuite = null;
            z = false;
            this.nextstep = Integer.MIN_VALUE;
        }
        return z;
    }

    @Override // jadex.platform.service.security.impl.AbstractCryptoSuite, jadex.platform.service.security.ICryptoSuite
    public void setInitializer(boolean z) {
        if (z) {
            this.nextstep = -1;
        }
    }

    public void destroy() {
        this.ephemeralkey = null;
        this.challenge = null;
        this.authsuite = null;
        if (this.key != null) {
            byte[] bArr = new byte[this.key.length << 2];
            SSecurity.getSecureRandom().nextBytes(bArr);
            Pack.littleEndianToInt(bArr, 0, this.key);
        }
        this.key = null;
        this.nonceprefix = 0;
        this.msgid.set(0L);
        this.secinf = null;
    }

    protected Tuple2<AuthToken, AuthToken> getPlatformSignatures(byte[] bArr, SecurityAgent securityAgent, IComponentIdentifier iComponentIdentifier) {
        AuthToken authToken = null;
        AbstractAuthenticationSecret internalPlatformSecret = securityAgent.getInternalPlatformSecret();
        if (internalPlatformSecret != null && internalPlatformSecret.canSign()) {
            authToken = signKey(this.challenge, bArr, internalPlatformSecret);
        }
        AuthToken authToken2 = null;
        AbstractAuthenticationSecret internalPlatformSecret2 = securityAgent.getInternalPlatformSecret(iComponentIdentifier);
        if (internalPlatformSecret2 != null && internalPlatformSecret2.canSign()) {
            authToken2 = signKey(this.challenge, bArr, internalPlatformSecret2);
        }
        if (authToken == null && authToken2 == null) {
            return null;
        }
        return new Tuple2<>(authToken, authToken2);
    }

    protected boolean verifyPlatformSignatures(byte[] bArr, Tuple2<AuthToken, AuthToken> tuple2, AbstractAuthenticationSecret abstractAuthenticationSecret) {
        boolean z = false;
        if (tuple2 != null) {
            if (tuple2.getFirstEntity() != null) {
                z = verifyKey(this.challenge, bArr, abstractAuthenticationSecret, (AuthToken) tuple2.getFirstEntity());
            }
            if (!z && tuple2.getSecondEntity() != null) {
                z = verifyKey(this.challenge, bArr, abstractAuthenticationSecret, (AuthToken) tuple2.getSecondEntity());
            }
        }
        return z;
    }

    public AuthToken getPlatformNameSignature(byte[] bArr, AbstractX509PemSecret abstractX509PemSecret) {
        AuthToken authToken = null;
        if (abstractX509PemSecret != null) {
            authToken = signKey(this.challenge, bArr, abstractX509PemSecret);
        }
        return authToken;
    }

    public boolean verifyPlatformNameSignature(byte[] bArr, AuthToken authToken, Set<X509CertificateHolder> set, String str) {
        boolean z = false;
        try {
            if (authToken instanceof X509AuthToken) {
                X509AuthToken x509AuthToken = (X509AuthToken) authToken;
                Iterator<X509CertificateHolder> it = set.iterator();
                while (it.hasNext()) {
                    if (verifyKey(this.challenge, bArr, new X509PemStringsSecret(SSecurity.writeCertificateAsPEM(it.next()), null), x509AuthToken)) {
                        z = SSecurity.checkEntity(SSecurity.readCertificateFromPEM(x509AuthToken.getCertificate()), str);
                        if (z) {
                            break;
                        }
                    }
                }
            }
        } catch (Exception e) {
        }
        return z;
    }

    protected MultiCollection<ByteArrayWrapper, AuthToken> getNetworkSignatures(byte[] bArr, MultiCollection<String, AbstractAuthenticationSecret> multiCollection) {
        AuthToken signKey;
        MultiCollection<ByteArrayWrapper, AuthToken> multiCollection2 = new MultiCollection<>();
        if (this.hashednetworknames.size() > 0) {
            for (Map.Entry<ByteArrayWrapper, String> entry : this.hashednetworknames.entrySet()) {
                Collection<AbstractAuthenticationSecret> collection = multiCollection.get(entry.getValue());
                if (collection != null && collection.size() > 0) {
                    for (AbstractAuthenticationSecret abstractAuthenticationSecret : collection) {
                        if (abstractAuthenticationSecret.canSign() && (signKey = signKey(this.challenge, bArr, abstractAuthenticationSecret)) != null) {
                            multiCollection2.add(entry.getKey(), signKey);
                        }
                    }
                }
            }
        }
        return multiCollection2;
    }

    protected List<String> verifyNetworkSignatures(byte[] bArr, MultiCollection<ByteArrayWrapper, AuthToken> multiCollection, MultiCollection<String, AbstractAuthenticationSecret> multiCollection2) {
        Collection<AbstractAuthenticationSecret> collection;
        ArrayList arrayList = new ArrayList();
        if (multiCollection != null) {
            for (Map.Entry entry : multiCollection.entrySet()) {
                String str = this.hashednetworknames.get(entry.getKey());
                if (str != null && (collection = multiCollection2.get(str)) != null) {
                    boolean z = false;
                    for (AbstractAuthenticationSecret abstractAuthenticationSecret : collection) {
                        Iterator it = ((Collection) entry.getValue()).iterator();
                        while (it.hasNext()) {
                            z = verifyKey(this.challenge, bArr, abstractAuthenticationSecret, (AuthToken) it.next());
                            if (z) {
                                break;
                            }
                        }
                    }
                    if (!z) {
                        throw new SecurityException("Remote platform presented unverifiable network signature for network " + str + ", handshake terminated.");
                    }
                    arrayList.add(str);
                }
            }
        }
        Logger.getLogger("security").fine("Remote networks verified: " + Arrays.toString(arrayList.toArray()));
        return arrayList;
    }

    protected AuthToken signKey(byte[] bArr, byte[] bArr2, AbstractAuthenticationSecret abstractAuthenticationSecret) {
        byte[] bArr3 = new byte[bArr2.length + bArr.length];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
        return this.authsuite.createAuthenticationToken(bArr3, abstractAuthenticationSecret);
    }

    protected boolean verifyKey(byte[] bArr, byte[] bArr2, AbstractAuthenticationSecret abstractAuthenticationSecret, AuthToken authToken) {
        byte[] bArr3 = new byte[bArr2.length + bArr.length];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
        return this.authsuite.verifyAuthenticationToken(bArr3, abstractAuthenticationSecret, authToken);
    }

    protected void finalize() throws Throwable {
        destroy();
    }

    protected static final ByteArrayWrapper hashNetworkName(String str, byte[] bArr) {
        Blake2bDigest blake2bDigest = new Blake2bDigest(str.getBytes(SUtil.UTF8));
        byte[] bArr2 = new byte[blake2bDigest.getDigestSize()];
        blake2bDigest.update(bArr, 0, bArr.length);
        blake2bDigest.doFinal(bArr2, 0);
        return new ByteArrayWrapper(bArr2);
    }

    protected static final Map<ByteArrayWrapper, String> getHashedNetworkNames(Set<String> set, byte[] bArr) {
        HashMap hashMap = new HashMap();
        for (String str : set) {
            hashMap.put(hashNetworkName(str, bArr), str);
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final byte[] chacha20Poly1305Enc(byte[] bArr, int[] iArr, int i, long j) {
        int[] iArr2 = new int[16];
        byte[] bArr2 = new byte[32];
        setupChaChaState(iArr2, iArr, 0, i, j);
        ChaChaEngine.chachaCore(20, iArr2, iArr2);
        for (int i2 = 0; i2 < 8; i2++) {
            Pack.intToLittleEndian(iArr2[i2], bArr2, i2 << 2);
        }
        Poly1305KeyGenerator.clamp(bArr2);
        int i3 = 0 + 1;
        int pad16Size = pad16Size(bArr.length + 4);
        byte[] bArr3 = new byte[pad16Size + 32];
        System.arraycopy(bArr, 0, bArr3, 16, bArr.length);
        Pack.intToLittleEndian(bArr.length, bArr3, bArr3.length - 20);
        Pack.longToLittleEndian(j, bArr3, 8);
        int i4 = 16;
        while (i4 < bArr3.length - 16) {
            setupChaChaState(iArr2, iArr, i3, i, j);
            ChaChaEngine.chachaCore(20, iArr2, iArr2);
            i3++;
            for (int i5 = 0; i5 < iArr2.length && i4 < bArr3.length - 16; i5++) {
                Pack.intToLittleEndian(Pack.littleEndianToInt(bArr3, i4) ^ iArr2[i5], bArr3, i4);
                i4 += 4;
            }
        }
        Poly1305 poly1305 = new Poly1305();
        poly1305.init(new KeyParameter(bArr2));
        poly1305.update(bArr3, 0, bArr3.length - 16);
        poly1305.doFinal(bArr3, 16 + pad16Size);
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final byte[] chacha20Poly1305Dec(byte[] bArr, int[] iArr, int i) {
        int littleEndianToInt;
        byte[] bArr2 = null;
        try {
            long littleEndianToLong = Pack.littleEndianToLong(bArr, 8);
            int[] iArr2 = new int[16];
            byte[] bArr3 = new byte[32];
            setupChaChaState(iArr2, iArr, 0, i, littleEndianToLong);
            ChaChaEngine.chachaCore(20, iArr2, iArr2);
            for (int i2 = 0; i2 < 8; i2++) {
                Pack.intToLittleEndian(iArr2[i2], bArr3, i2 << 2);
            }
            Poly1305KeyGenerator.clamp(bArr3);
            int i3 = 0 + 1;
            byte[] bArr4 = new byte[16];
            Poly1305 poly1305 = new Poly1305();
            poly1305.init(new KeyParameter(bArr3));
            poly1305.update(bArr, 0, bArr.length - 16);
            poly1305.doFinal(bArr4, 0);
            for (int i4 = 0; i4 < bArr4.length; i4++) {
                if (bArr4[i4] != bArr[(bArr.length - 16) + i4]) {
                    return null;
                }
            }
            int i5 = 16;
            while (i5 < bArr.length - 16) {
                setupChaChaState(iArr2, iArr, i3, i, littleEndianToLong);
                ChaChaEngine.chachaCore(20, iArr2, iArr2);
                i3++;
                for (int i6 = 0; i6 < iArr2.length && i5 < bArr.length - 16; i6++) {
                    Pack.intToLittleEndian(Pack.littleEndianToInt(bArr, i5) ^ iArr2[i6], bArr, i5);
                    i5 += 4;
                }
            }
            littleEndianToInt = Pack.littleEndianToInt(bArr, bArr.length - 20);
        } catch (Exception e) {
        }
        if (littleEndianToInt < 0 || littleEndianToInt > bArr.length - 36) {
            return null;
        }
        bArr2 = new byte[littleEndianToInt];
        System.arraycopy(bArr, 16, bArr2, 0, bArr2.length);
        return bArr2;
    }

    protected static final void setupChaChaState(int[] iArr, int[] iArr2, int i, int i2, long j) {
        iArr[0] = 1634760805;
        iArr[1] = 857760878;
        iArr[2] = 2036477234;
        iArr[3] = 1797285236;
        System.arraycopy(iArr2, 0, iArr, 4, iArr2.length);
        iArr[12] = i;
        iArr[13] = i2;
        iArr[14] = (int) (j >>> 32);
        iArr[15] = (int) j;
    }

    protected static final int pad16Size(int i) {
        return (i + 15) & (-16);
    }

    protected abstract byte[] getPubKey();

    protected abstract Object createEphemeralKey();

    protected abstract byte[] generateSharedKey();

    private int[] generateChaChaKey() {
        byte[] generateSharedKey = generateSharedKey();
        Blake2bDigest blake2bDigest = new Blake2bDigest(256);
        blake2bDigest.update(generateSharedKey, 0, generateSharedKey.length);
        byte[] bArr = new byte[32];
        blake2bDigest.doFinal(bArr, 0);
        int[] iArr = new int[8];
        Pack.littleEndianToInt(bArr, 0, iArr);
        return iArr;
    }
}
